Inventory Scanner Configuration

The Inventory Scanner is configured in the YAML file conf/xygeni.inventory.yml.

The scanner configuration file, conf/xygeni.inventory.yml, contains properties for:

  • Selecting the files to include / exclude. Defaults are provided for common directories to ignore.

  • Configuration for report output, including the columns / fields to render.

  • Configuration for each ecosystem analyzer.

  • Scan configuration properties, such as mode = sequential or parallel. Parallel mode uses threads to run the scan in parallel across files and detectors.

Command-line arguments take priority over the properties in this file.

# Configuration for xygeni Assets Inventory scanner.
# Arguments from command line have priority over properties in this file.

# Includes: list of glob patterns to include in analysis.
#
# A pattern could use ** (to match zero or more directories), * (zero or more characters
# in a directory or file name), and ? (one character).
# Examples: **/*.txt matches all files with 'txt' extension. **/test/** matches all files under any test directory.
#
# If empty, ALL files will be matched.
# The command-line argument -i or --include will be used when specified.
#
# A file is analyzed when matched by 'includes' AND NOT matched by 'excludes'.
includes: []

# Excludes: list of glob patterns to exclude from analysis.
# If empty, NO file will be excluded.
# The command-line argument -e or --exclude will be used when specified.
excludes:
  - ".git/**/*"
  - ".vscode/**/*"
  - "build/**/*"
  - "dev/**/*"
  - "**/__pycache__/**/*"
  - "**/.eggs/**/*"
  - "**/locales/**/*"
  - "**/spec/**/*"
  - "**/specs/**/*"
  - "**/test/**/*"
  - "**/tests/**/*"
  - "**/mock/**/*"
  - "**/mocks/**/*"
  - "**/integration/**/*"
  - "**/node_modules/**/*"
  - "**/bower_components/**/*"
  - "**/.xygeni.*.json"
  
# mode=sequential runs analyzers sequentially;
# mode=parallel runs analyzers in multiple threads, when the analyzer is capable of parallel runs.
mode: parallel

# Timeout, in seconds, for the analysis to complete. 0 or negative means no timeout.
timeout: 600

# Config for reporters
report:
  - format: json
    prettyPrint: true

  - format: csv

    # Allowed values: "id", "kind", "scope", "name", "qualifiedName", "belongsTo", "fullyResolved", "path", "createdAt", "updatedAt", "tags", "properties"
    columns: [ "kind", "name", "qualifiedName", "belongsTo", "fullyResolved", "path", "createdAt", "updatedAt", "tags", "properties"]

    # Order specification. 'default' lists by kind first, then by name.
    # One of 'default' or 'id'.
    sort: default

  - format: text

    # Allowed values: "id", "kind", "scope", "name", "qualifiedName", "belongsTo", "fullyResolved", "path", "createdAt", "updatedAt", "tags", "properties"
    columns: [ "kind", "name", "belongsTo", "tags" ]

    # Order specification. 'default' lists by kind first, then by name.
    # One of 'default' or 'id'.
    sort: default

    # The style for table borders.
    # One of 'full', 'none', 'outside', 'inside', 'horizontal', 'vertical', 'topbottom'.
    # Use 'default' for a border style that works well on the underlying OS.
    borders: full

    # The block characters to use: 'ascii' (use '+', '|', '-' and '=')
    # or 'utf8' for UTF-8 block characters.
    # Use 'default' for the encoding that works best for the underlying OS.
    bordersEncoding: utf8

# The detectors to use for discovering SDLC assets
# are configured in resource files under inventory/*.yml

# List of detectors to run: IDs.
# Leave empty for no restriction (all detectors not disabled will be chosen).
# Command-line property --detectors overrides this.
runDetectors: []

# Same format as runDetectors, but for skipping the selected detectors.
# Leave empty for no restriction (all detectors not disabled will be chosen).
# Command-line property --skip-detectors overrides this.
skipDetectors: []
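The file selection and detector selection rules stated in the configuration comments above, as an added Python example that is not part of Xygeni's own code: it translates the glob syntax the comments describe (`**` for zero or more directories, `*` for zero or more characters in a name, `?` for one character) into anchored regular expressions, applies the "matched by includes AND NOT matched by excludes" rule with empty includes meaning "all files", lets a command-line value replace the file value whenever it is specified (so an explicitly empty --exclude excludes nothing), and applies the same "empty means no restriction" rule to runDetectors/skipDetectors. The sample paths, the detector ids and the `disabled` flag are constructed for this example, and the real scanner's glob engine may differ in corner cases.

```python
import re

# Constructed config: a subset of the defaults from conf/xygeni.inventory.yml.
DEFAULT_CONFIG = {
    "includes": [],          # empty -> ALL files match
    "excludes": [
        ".git/**/*", ".vscode/**/*", "build/**/*", "dev/**/*",
        "**/__pycache__/**/*", "**/test/**/*", "**/tests/**/*",
        "**/node_modules/**/*", "**/.xygeni.*.json",
    ],
    "runDetectors": [],      # empty -> no restriction
    "skipDetectors": [],     # empty -> nothing skipped
}

# Constructed repository listing: relative paths, '/' separated.
SAMPLE_PATHS = [
    "package.json",
    "src/app.js",
    "src/__pycache__/app.cpython-311.pyc",
    "node_modules/left-pad/index.js",
    "test/app.test.js",
    "services/api/tests/test_api.py",
    ".git/config",
    ".xygeni.inventory.json",
    "infra/main.tf",
    "Dockerfile",
]

# Constructed detector registry: (id, disabled) pairs. The ids are hypothetical;
# the disabled flag mirrors "not active by default" (e.g. the collaborators detector).
SAMPLE_DETECTORS = [
    ("scm_github", False), ("ci_jenkins", False), ("dep_npm", False), ("collab_org", True),
]


def glob_to_regex(pattern: str) -> "re.Pattern[str]":
    """Translate one include/exclude glob into an anchored regular expression.

    '**' matches zero or more directories, '*' zero or more characters within a
    single path segment, and '?' exactly one character within a segment.
    """
    parts, i, n = [], 0, len(pattern)
    while i < n:
        if pattern.startswith("**/", i):            # leading or middle '**/' -> zero or more dirs
            parts.append("(?:.*/)?")
            i += 3
        elif pattern.startswith("**", i):
            if parts and parts[-1] == "/" and i + 2 == n:   # trailing '/**' -> optional subtree
                parts[-1] = "(?:/.*)?"
            else:                                            # bare '**' -> anything
                parts.append(".*")
            i += 2
        elif pattern[i] == "*":                     # within one segment only
            parts.append("[^/]*")
            i += 1
        elif pattern[i] == "?":
            parts.append("[^/]")
            i += 1
        elif pattern[i] == "/":
            parts.append("/")
            i += 1
        else:
            parts.append(re.escape(pattern[i]))
            i += 1
    return re.compile("^" + "".join(parts) + "$")


def _pick(file_value, cli_value):
    """A command-line value, when specified (not None), replaces the file value."""
    return cli_value if cli_value is not None else file_value


def select_files(paths, config, cli_include=None, cli_exclude=None):
    """Return the paths that are analyzed: matched by includes AND NOT by excludes."""
    includes = [glob_to_regex(p) for p in _pick(config.get("includes", []), cli_include)]
    excludes = [glob_to_regex(p) for p in _pick(config.get("excludes", []), cli_exclude)]
    chosen = []
    for path in paths:
        included = not includes or any(r.match(path) for r in includes)  # empty includes -> all
        excluded = any(r.match(path) for r in excludes)                  # empty excludes -> none
        if included and not excluded:
            chosen.append(path)
    return chosen


def select_detectors(detectors, config, cli_run=None, cli_skip=None):
    """Return detector ids to run: not disabled, in runDetectors (if any), not in skipDetectors."""
    run = set(_pick(config.get("runDetectors", []), cli_run))
    skip = set(_pick(config.get("skipDetectors", []), cli_skip))
    return [d for d, disabled in detectors
            if not disabled and (not run or d in run) and d not in skip]


if __name__ == "__main__":
    print(select_files(SAMPLE_PATHS, DEFAULT_CONFIG))
    print(select_files(SAMPLE_PATHS, DEFAULT_CONFIG, cli_include=["**/*.tf", "**/Dockerfile"]))
    print(select_files(SAMPLE_PATHS, DEFAULT_CONFIG, cli_exclude=[]))   # -e given but empty
    print(select_detectors(SAMPLE_DETECTORS, DEFAULT_CONFIG, cli_skip=["ci_jenkins"]))
```

Note the difference between a key left empty in the file and an empty value passed on the command line: the file's empty `excludes` means nothing is excluded, and an explicitly empty `--exclude` has the same effect while also discarding the defaults, which is why the third call above returns every sample path.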

Inventory Assets Detectors Configuration

Assets for different ecosystems are processed by specific detectors. Each detector processes matching files and other sources, and may invoke a tool API, when available, to gather additional information about the asset.

The following ecosystems are supported:

  • Source Code Management (SCM) systems: GitHub, Azure Devops, BitBucket, GitLab.

  • Dependency management systems for multiple language ecosystems, including package managers and component registries such as NPM, Maven, Gradle, Bower, Nuget, pip, go.mod, RubyGems, PHP Composer, Swift Package Manager, CocoaPods, Carthage, Cargo, etc.

  • CI/CD tools: The facility included by the SCM systems listed above, plus specialized CI/CD systems like Jenkins, CircleCI or Travis CI.

  • Security tools: Many kinds of security tools, as configured in the xygeni.security_tools.yml configuration file.

  • Cloud assets, such as containers, container orchestrators, Infrastructure-as-Code (IaC) frameworks and provisioning tools: Dockerfiles, docker-compose, Kubernetes, Terraform, Bicep, Azure Resource Manager, CloudFormation, Ansible, etc.

  • Collaborators: not active by default. See how the Inventory Collaborators Scan can be run and which organization assets it gathers.
